System and Methods for Facilitating Secure Computing Device Control and Operation

ABSTRACT

A system and methods for facilitating secure computing device control and operation. The invention discloses a framework to supply security and policy-based control to computing applications as a software service. Clients running the framework make requests for services whereby they identify the service needed and its required parameters, encrypt and sign them, and send them to the service handler. The service handler decrypts, checks for policy allowance, and then, if allowed, executes the functions. The handler then encrypts and returns the response to the client. The framework allows for an aggregator that collects service requests for any number of clients and manages the distribution to service handlers and communications back to the clients.

PRIORITY CLAIM

This non-provisional application claims priority to Provisional Patent Application Ser. No. 62/161,614, entitled “System and Methods for Facilitating Secure Computing Device Control and Operation” filed May 14, 2015.

TECHNICAL FIELD

The present invention relates to the technical fields of Computer Security, Software as a Service, Mobile Computing, Telecommunications, Digital Communications, and Computer Technology.

BACKGROUND OF THE INVENTION

With the rapid proliferation of network enabled computing devices (the so-called Internet of Things) along with ubiquitous mobile personal devices and conventional computing platforms, the importance of secure, reliable computing environments is paramount. Failure to properly implement security on these new network enabled devices does not only threaten the devices themselves but could be a vulnerability for entire networks. This is a critical problem.

Secure access, management, and control of computing devices with compact or otherwise constrained processing hardware and networking hardware such as those found in the Internet of Things presents a number of challenges. Such devices may be constantly exposed to malicious attacks via the internet and can be remote and physically difficult or time-consuming to access directly by the permitted device users and administrators.

Many developers of devices and services do not focus on security as a priority—they understandably focus on their device or service. Also, these devices tend to be computationally lightweight and therefore have limited resources with which to implement reliable security. What is needed is a security framework that operates as a service whereby application developers need only subscribe to the service to receive appropriate implementation of security policies pertaining to their products and services.

Developers of computer code for such devices would benefit from having secure computing tools and secure services available so as to assist them in the development of secure computing code for the operation and control of these devices. A set of basic services is therefore provided that such developers can confidently and securely utilize without having to take the time and trouble to implement such services themselves.

This invention discloses a system and method for facilitating secure services over the network (as a software-as-a-service (SaaS) model) that also solves the problem of simplifying implementations for application programmers who need to implement security but who may not have the requisite expertise to do so.

The following device service framework and service design is disclosed herein as a way to provide developers with pre-built secure computing tools and services. As a whole, the framework represents a “base platform” for operation, control, and updating of online devices. Individual components or services from the framework may in some cases also be incorporated into devices to facilitate or simplify device development.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 Schematic representation of policy-based control system.

FIG. 2 Flow diagram showing a hypothetical client and server framework response to security service requests.

FIG. 3 Schematic diagram of the Secure Framework Service Architecture.

DETAILED DESCRIPTION OF THE INVENTION

In the present invention, a secure framework is proposed for registering, managing, and operating computing services simply but securely. The framework is designed to facilitate access to secure services on network-connected computing devices and to simplify secure software development for such devices.

The system is a transport mechanism that establishes “file system” and “network” services based on functions that the client registers with the framework. The framework runs on both the client and the servers that supply services to the client (see FIG. 2). The client issues “commands” to the server that name a service to be provided by the server and also provide any arguments that are required for that service. This can be accomplished either by a naming scheme whereby the client knows what services and commands are available, or by a discovery protocol so that it can be further extensible at run time.

The system can be further abstracted where an aggregator can be used to aggregate commands from individual components in the client without having to know the structure of the client itself. In FIG. 2, the Service/Receiver (205) is one such aggregator. The aggregator can handle requesting services and delivering responses back to the client components as needed. This is useful because it relieves client components from having to handle their own interface to security services.

On initialization, the framework runs in a loop whereby it executes “work” functions. Within the work functions in the loop, the framework constructs and sends commands and then receives responses. The client (designated as Node A, 201) creates remote service objects (202) that include the named service and command as well as arguments. This is useful because it allows the security services to run remotely or on the same hardware as the device if that is desired. The system then hashes, signs and encrypts the service call (203) and it is sent to the server for processing (204). Each request for services has a transaction number so that the calling client can track outstanding requests while it continues to compute.

The receiver (205), then authenticates, authorizes, and decrypts the service call (206) before it is dispatched for processing to the service handler. The receiver conducts a policy check to ensure that execution of the command is allowed for this client. If not allowed, a return message is sent, otherwise, the service handler is called. The service handlers may be remote or may run on the same hardware as the aggregator. This is useful because the service handlers know they will only receive properly vetted requests. Only authorized commands can be executed.

At this point, the client and the service are operating asynchronously. The client is not halted at any time while it waits for a response from the server. Execution continues with local execution of services (207). When the service handler completes, the response is encrypted and returned to the sender with its associated transaction number for identification (208).

When the response is received by the client, it is decrypted, verified, and passed to the appropriate function while computation continues (209). At this point, the process can repeat itself as needed.

The following components, shown schematically in FIG. 3, are the core components of the framework:

-   -   Scheduler (301): This component handles the scheduling of the         service handlers that perform the actual work functions for the         client.     -   Function Invocation Interface (302): This component is the         interface to the framework by which services are requested.     -   Registration mechanism for above (303) so that a client (304)         can define services of their own.

Abstraction of device specifics from the framework is accomplished via unix-like poll( ), ioctl( )and ioctl_completion( )functions, and other functions as required. However, in each case, policy-based control of each function call is provided by couplings to the policy-based system shown in FIG. 1, wherein each function or service invokes a Policy Decision Point (PDP) call to request a policy-based decision to allow or disallow the requested operation or take other appropriate action as specified by policy. In essence, each function or service in the framework incorporates or otherwise can invoke a Policy Enforcement Point (PEP). A service is defined by registering those functions with the framework (and giving each function a name). Services can then be targeted by remote endpoint for activity by invoking ioctl( )on the named services.

INDUSTRIAL APPLICATION

The invention disclosed herein is useful for any application domain where secure computing services are required but need not be executed or integrated into the local system directly. Mobile device applications are well suited to this invention because of their inherent lightweight computing capabilities and integrated networking. However, any computing application would benefit from the invention especially if the application developers want to “outsource” security to this service rather than implement it themselves. 

What is claimed is:
 1. A system for secure computing device control and operation for a requesting client from remote security and policy services, the system comprising: a network interface for connecting the requesting client to the remote security and policy services and for specifying the requested services and required parameters; a scheduler for scheduling the execution of remote security and policy services; a policy authenticator for verifying that the requesting client is allowed to access the requested services; and a dispatching subsystem for sending the service requests and required parameters to remote service providers.
 2. The system of claim 1, further including: a hash encoder for encoding the requested service name and required parameters; a digital signing subsystem for signing requests for services; an encryption subsystem for encrypting the signed and encoded requests for services; a decryption subsystem for decrypting the signed and encoded service request; and a hash verifier for verifying the hash encoded service request.
 3. The system of claim 1 further including an aggregator subsystem to receive encoded, signed, and encrypted requests from at least one requesting client and to dispatch allowed requests to external service providers.
 4. The system of claim 1 further including a function invocation interface to connect application code in the requesting client to remote service requests.
 5. The system of claim 1 further including a function registration subsystem to identify and access security and policy services that are defined by a requesting client.
 6. The system of claim 1 further including a discovery protocol to identify and access security and policy services that are defined by a requesting client.
 7. The system of claim 1 wherein the security and policy services and the requesting client application are executed on the same processor.
 8. The system of claim 1 wherein each service request is assigned a unique transaction number.
 9. The system of claim 3 wherein the aggregator subsystem and the requesting client application are executed on the same processor.
 10. The system of claim 3 wherein the aggregator subsystem and the security and policy services are executed on the same processor.
 11. The system of claim 1 wherein the policy authenticator includes: a policy object language compiler and generator for specifying policy rules; a policy decision point for adjudicating policy requests based on the policy rules; and at least one policy execution point for executing policy decisions.
 12. A method for secure computing device control and operation for a requesting client from remote security and policy services having a service management subsystem and a secure services subsystem, the steps comprising: create a remote service object that includes the name of the service and the required parameters; transmit the service object to the service management subsystem of the remote security and policy services; receive the service object at the service management subsystem of the remote security and policy services; authorize the execution of the remote service by checking for policy authorization; dispatch the service request to a remote service handler for processing; execute the service request generating a response; dispatch the response from the remote service handler to the service management subsystem of the remote security and policy services; receive the response from the remote service handler; and transmit the response back to the originating requestor.
 13. The method of claim 12 further including the steps: calculate a hash encoding of the service object at the requesting client; digitally sign the hash encoded service object; encrypt the hash encoded and signed service object prior to transmission to the service management subsystem; decrypt the service object at the service management subsystem; verify the hash encoding of the service object prior to authorization to execute the remote service; and encrypt the response returned from the service handler prior to transmission back to the originating requestor. 